I am trying to apply an ACL on an MSR954 to limit access via SSH/HTTP/HTTPS from specific source networks, but I'm not sure how to do this.
1. Allow ssh from xx.xx.xx.xx/24 to vlan1
2. Allow http/https from xx.xx.xx.xx/24 to vlan1
3. Deny ssh/http/https/telnet from ANYWHERE to vlan1
UPDATE: If anyone wants to do this in Comware 7.1.064, you can have an ACL with a name and a number, and ssh server only allows you to specify an ACL with a number. So I would just create the ACL using a number, because you can't use a named one when locking down ssh.
Anyway, this should do it (telnet is disabled globally already):
Basic IPv4 ACL 2999, 5 rules,
ACL's step is 5
rule 10 permit source xx.xx.xx.xx 0.0.0.255 (4 times matched)
rule 10 comment allow lumen
rule 15 permit source xx.xx.xx.xx 0.0.0.255
rule 15 comment allow cogent
rule 20 permit source xx.xx.xx.xx 0.0.0.31
rule 20 comment allow att
rule 25 permit source xx.xx.xx.xx 0.0.0.7
rule 25 comment allow sg
rule 10000 deny logging (107 times matched)
#####################
ssh server acl 2999
#####################
ip http acl 2999
ip https acl 2999
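To check offline which management sources an ACL like the one above admits, the following added example (not part of the original post) parses `display acl` output for a basic ACL and applies first-match evaluation with wildcard masks. The sample networks are constructed documentation ranges, the function names are hypothetical, and the default config (rule ID) match order is assumed.

```python
import ipaddress
import re

# Constructed sample in the layout of the `display acl 2999` output above;
# the source networks are documentation ranges, not the poster's real ones.
SAMPLE = """\
Basic IPv4 ACL 2999, 5 rules,
ACL's step is 5
 rule 10 permit source 192.0.2.0 0.0.0.255 (4 times matched)
 rule 10 comment allow lumen
 rule 15 permit source 198.51.100.0 0.0.0.255
 rule 20 permit source 203.0.113.32 0.0.0.31
 rule 25 permit source 203.0.113.8 0.0.0.7
 rule 10000 deny logging (107 times matched)
"""

# "rule N comment ..." lines do not match: an action must follow the rule ID.
RULE_RE = re.compile(
    r"^[ \t]*rule[ \t]+(\d+)[ \t]+(permit|deny)"
    r"(?:[ \t]+source[ \t]+(\S+)[ \t]+(\S+))?", re.M)


def parse_basic_acl(text):
    """Return [(rule_id, action, base, wildcard)] sorted by rule ID."""
    rules = []
    for rid, action, src, wild in RULE_RE.findall(text):
        # A rule without "source" (e.g. "deny logging") matches any address.
        base = int(ipaddress.IPv4Address(src)) if src else 0
        mask = int(ipaddress.IPv4Address(wild)) if wild else 0xFFFFFFFF
        rules.append((int(rid), action, base, mask))
    return sorted(rules)  # assumption: config match order (ascending rule ID)


def evaluate(rules, source_ip):
    """First matching rule wins; wildcard 1-bits are "don't care" bits."""
    addr = int(ipaddress.IPv4Address(source_ip))
    for rid, action, base, wild in rules:
        care = ~wild & 0xFFFFFFFF
        if addr & care == base & care:
            return action, rid
    return "no-match", None  # no rule in the ACL matched this source


if __name__ == "__main__":
    acl = parse_basic_acl(SAMPLE)
    for ip in ("192.0.2.77", "203.0.113.40", "203.0.113.64"):
        print(ip, evaluate(acl, ip))
```

Paste the real `display acl 2999` output in place of `SAMPLE` to confirm that only the intended provider ranges reach a permit rule before the final `deny logging`.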